Report Finds Huawei Deliberately Left Papua New Guinea Government Open to Spying

August 11, 2020 Updated: August 12, 2020

A report commissioned by the Papua New Guinea (PNG) government has suggested that China-based telecommunication giant Huawei deliberately created software vulnerabilities in a PNG government cyber data centre they built, the Australian Financial Review has reported.

The Aug. 11 article revealed that a government inquiry had uncovered that the Port Moresby Data Centre had a “catalogue” of significant security flaws after Huawei used out-of-date encryption software and insufficient firewalls to store PNG government archives, which left the PNG government open to espionage.

Both the firewalls and the code used for encrypting information were acknowledged as “openly broken” by cybersecurity experts two years before being installed in Port Moresby in 2018.

“Core switches are not behind a firewall. This means that remote access would not be detected by security settings within the appliances,” the report noted, according to the AFR.

The report also alleged that in the Huawei-run centre’s data flows “were easily intercepted” and that security settings would not detect remote access to secret files and data of the PNG government.

It suggested this feature was a deliberate attempt by Huawei to deploy lax cybersecurity.

Huawei has been under increasing pressure internationally for its potential use by the Chinese Communist Party for espionage activities.

Currently, Australia, The United States, the UK, and New Zealand have banned Huawei from its 5G infrastructure projects over security concerns.

AFR also advised that the report revealed any efforts by Huawei to utilise the centre for espionage were thwarted when the lack of maintenance at the Port Moresby Data Centre caused it to fall into physical disrepair.

The construction, which was funded by a loan from China’s EXIM Bank, has left the PNG government with a US$53 million debt to the Chinese regime.

PNG Asks for Australian Help to Restore the Data Centre

The 2019 report into the Port Moresby Data Centre was commissioned after the PNG government sought help from the Australian government to restore operations at the data centre.

Completed by PNG Cyber Security Centre, the report has so far failed to sway the Australian government who have announced no plans to help Port Moresby with the project.

In 2019, the Australian and PNG governments established a National Cyber Security Centre that DFAT argues will enable “Papua New Guinea to benefit from advanced communications technology while protecting its critical information and communications technology infrastructure from incidents.”

Foreign Minister Marise Payne said she was pleased that the project would support Papua New Guinea’s economic growth in the 21st century.

“Robust cybersecurity is a fundamental element of growth and prosperity in the global digital economy,” Payne said.

According to Australia’s Department of Foreign Affairs and Trade (DFAT), Australia is PNG’s single largest trading and commercial partner, with bilateral trade worth A$6.7 billion in 2018.

Australia also provided in 2019-2020 an estimated $607.5 million in aid to the neighbouring nation.

Nearly 2 million Papua New Guineans still live in poverty or face financial hardship. It is estimated that 80 to 85 percent of Papua New Guineans still live in very traditional rural communities, where most make their living from subsistence gardens and small-scale cash cropping.